Design of Lightweight Linear Diffusion Layers from Near-MDS Matrices
Near-MDS matrices provide better trade-offs between security and efficiency than constructions based on MDS matrices, which makes them attractive for hardware-oriented designs. We present new designs of lightweight linear diffusion layers by constructing lightweight near-MDS matrices. First, generic n×n near-MDS circulant matrices are found for 5 ≤ n ≤ 9. Second, the implementation cost of instantiations of the generic near-MDS matrices is examined. Surprisingly, for n = 7, 8, it turns out that some proposed near-MDS circulant matrices of order n have the lowest XOR count among all near-MDS matrices of the same order. Further, for n = 5, 6, we present near-MDS matrices of order n having the lowest XOR count as well. The proposed matrices, together with previous constructions of order less than five, lead to n×n near-MDS matrices with the lowest XOR count over the finite fields F_{2^m} for 2 ≤ n ≤ 8 and 4 ≤ m ≤ 2048. Moreover, we present some involutory near-MDS matrices of order 8 constructed from Hadamard matrices. Lastly, the security of the proposed linear layers is studied by calculating lower bounds on the number of active S-boxes. It is shown that our linear layers, combined with a well-chosen nonlinear layer, can provide sufficient security against differential and linear cryptanalysis.
A Generalization of the Subfield Construction
The subfield construction is one of the most promising methods for constructing maximum distance separable (MDS) diffusion layers for block ciphers and cryptographic hash functions. In this paper, we give a generalization of this method and investigate the efficiency of our generalization. As a result, we provide several best MDS diffusions with respect to the number of XORs that the diffusion needs. For instance, we give
(i) an involutory MDS diffusion with 85 XORs and
(ii) an involutory MDS diffusion with 122 XORs,
and hence present new records in the literature. Furthermore, we interpret the coding-theoretic background of our generalization.
Direct construction of quasi-involutory recursive-like MDS matrices from 2-cyclic codes
A good linear diffusion layer is a prerequisite in the design of block ciphers. Usually it is obtained by combining matrices with optimal diffusion properties over the S-box alphabet. These matrices are constructed either directly using some algebraic properties or by enumerating a search space, testing the optimal diffusion property for every element. For implementation purposes, two types of structures are considered: structures where all the rows derive from the first row, and recursive structures built from powers of companion matrices. In this paper, we propose a direct construction for new recursive-like MDS matrices. We show they are quasi-involutory in the sense that the matrix-vector product with the matrix or with its inverse can be implemented by clocking the same LFSR-like architecture. As a direct construction, its performance does not outperform the best constructions found with exhaustive search. However, as a new type of construction, it offers alternatives for MDS matrix design.
Truncated Differential Attacks: New Insights and 10-round Attacks on QARMA
Truncated differential attacks were introduced by Knudsen in 1994 [1].
They are a well-known family that has arguably received less attention than some other variants of differential attacks. This paper gives some new insight into truncated differential attacks and provides the best-known attacks on both variants of the lightweight cipher QARMA, in the single-tweak model, reaching 10 rounds for the first time and contradicting the security claims of this reduced version. These attacks use some new truncated distinguishers as well as some evolved key-recovery techniques.
On Constructions of a Sort of MDS Block Diffusion Matrices for Block Ciphers and Hash Functions
Many modern block ciphers use maximum distance separable (MDS) matrices as their diffusion layers. In this paper, we propose a new method to verify a sort of MDS diffusion block matrices whose blocks are all polynomials in a certain primitive block over the finite field . We then discover a new kind of transformation that retains the MDS property of diffusion matrices and generates a series of new MDS matrices from a given one. Moreover, we obtain an equivalence relation from this kind of transformation. The MDS property is an invariant with respect to this equivalence relation, which greatly reduces the amount of computation when we search for MDS matrices. The minimal polynomials of matrices play an important role in our strategy. To avoid being too theoretical, we list a series of MDS diffusion matrices obtained from our method for some specific parameters. Furthermore, we discuss MDS recursive diffusion layers with our method and extend the corresponding work of M. Sajadieh et al. published at FSE 2012 and the work of S. Wu published at SAC 2012.
Construction of MDS Matrices from Generalized Feistel Structures
This paper investigates the construction of MDS matrices with generalized Feistel structures (GFS). The approach developed in this paper consists in deriving MDS matrices from the product of several sparser ones. This can be seen as a generalization to several matrices of the recursive construction which derives MDS matrices as the powers of a single companion matrix. The first part of this paper gives some theoretical results on the iteration of GFS. In the second part, using GFS and primitive matrices, we propose some types of sparse matrices that are called extended primitive GFS (EGFS) matrices. Then, by applying binary linear functions to several rounds of EGFS matrices, lightweight , and MDS matrices are proposed which are implemented with , and XOR for -bit input, respectively. The results match the best known lightweight MDS matrix and improve the best known and MDS matrices. Moreover, we propose near-MDS matrices such that the implementation cost of the proposed matrices is and XOR for 4 and -bit input, respectively. Although none of the presented matrices are involutions, the implementation cost of the inverses of the proposed matrices is equal to the implementation cost of the given matrices. Furthermore, the construction presented in this paper is relatively general and can be applied to other matrix dimensions and finite fields as well.
The QARMA Block Cipher Family. Almost MDS Matrices Over Rings With Zero Divisors, Nearly Symmetric Even-Mansour Constructions With Non-Involutory Central Rounds, and Search Heuristics for Low-Latency S-Boxes
This paper introduces QARMA, a new family of lightweight tweakable block ciphers targeted at applications such as memory encryption, the generation of very short tags for hardware-assisted prevention of software exploitation, and the construction of keyed hash functions. QARMA is inspired by reflection ciphers such as PRINCE, to which it adds a tweaking input, and MANTIS. However, QARMA differs from previous reflector constructions in that it is a three-round Even-Mansour scheme instead of an FX construction, and its middle permutation is non-involutory and keyed. We introduce and analyse a family of Almost MDS matrices defined over a ring with zero divisors that allows us to encode rotations in its operation while maintaining the minimal latency associated with {0, 1}-matrices. The purpose of all these design choices is to harden the cipher against various classes of attacks. We also describe new S-box search heuristics aimed at minimising the critical path. QARMA exists in 64- and 128-bit block sizes, where block and tweak size are equal, and keys are twice as long as the blocks. We argue that QARMA provides sufficient security margins within the constraints determined by the mentioned applications, while still achieving best-in-class latency. Implementation results on a state-of-the-art manufacturing process are reported. Finally, we propose a technique to extend the length of the tweak by using, for instance, a universal hash function, which can also be used to strengthen the security of QARMA.
A new hybrid method combining search and direct construction ideas to generate all 4×4 involutory maximum distance separable (MDS) matrices over binary field extensions
This article presents a new hybrid method (combining search-based methods and direct construction methods) to generate all 4×4 involutory maximum distance separable (MDS) matrices over F_{2^m}. The proposed method reduces the search space complexity at the level of n, where n represents the number of all 4×4 invertible matrices over F_{2^m} to be searched. Hence, this enables us to generate all 4×4 involutory MDS matrices over F_{2^3} and F_{2^4}. After applying a global optimization technique that supports higher-fan-in Exclusive-OR (XOR) gates (e.g., XOR3, XOR4) to the generated matrices, we generate, to the best of our knowledge, the lightest involutory/non-involutory MDS matrices known over F_{2^3}, F_{2^4} and F_{2^8} in terms of XOR count. In this context, we present new 4×4 involutory MDS matrices over F_{2^3}, F_{2^4} and F_{2^8}, which can be implemented by 13 XOR operations with depth 5, 25 XOR operations with depth 5 and 42 XOR operations with depth 4, respectively. Finally, we note a new property of the Hadamard matrix form: the (involutory and MDS) Hadamard matrix form is, in fact, a representative matrix form that can be used to generate a small subset of all 2k×2k involutory MDS matrices, where k > 1. For k = 1, the Hadamard matrix form can be used to generate all involutory MDS matrices.
Proceedings of AUTOMATA 2011 : 17th International Workshop on Cellular Automata and Discrete Complex Systems
The proceedings contain full (reviewed) papers and short (non-reviewed) papers that were presented at the workshop.